| blob | 298103377a7bcc9f15ce0dc2bc49b87b4253a256 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- A C C E S S I B I L I T Y --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2022-2024, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
58 ---------------------------
59 -- Accessibility_Message --
60 ---------------------------
67 begin
68 -- In an instance, this is a runtime check, but one we know will fail,
69 -- so generate an appropriate warning.
73 Error_Msg_F
82 else
85 -- Check for case where we have a missing access definition
88 and then
90 | N_Index_Or_Discriminant_Constraint
91 then
95 loop
100 Error_Msg_NE
109 -------------------------
110 -- Accessibility_Level --
111 -------------------------
113 function Accessibility_Level
118 is
122 (Accessibility_Level
124 -- Renaming of the enclosing function to facilitate recursive calls
127 -- Construct an integer literal representing an accessibility level with
128 -- its type set to Natural.
131 -- Returns the scope depth of the given node's innermost enclosing scope
132 -- (effectively the accessibility level of the innermost enclosing
133 -- master).
136 -- Centralized processing of subprogram calls which may appear in prefix
137 -- notation.
141 -- Renaming of Type_Access_Level with Allow_Alt_Model specified to avoid
142 -- passing the parameter specifically in every call.
144 ----------------------------------
145 -- Innermost_Master_Scope_Depth --
146 ----------------------------------
154 begin
155 -- Locate the nearest enclosing node (by traversing Parents)
156 -- that Defining_Entity can be applied to, and return the
157 -- depth of that entity's nearest enclosing scope.
159 -- The RM 7.6.1(3) definition of "master" includes statements
160 -- and conditions for loops among other things. Are these cases
161 -- detected properly ???
167 -- X'Old is nested within the current subprogram, so we do not
168 -- want Find_Enclosing_Scope of that subprogram. If this is an
169 -- allocator, then we're looking for the innermost master of
170 -- the call, so again we do not want Find_Enclosing_Scope.
175 then
177 else
181 -- Ignore transient scopes made during expansion while also
182 -- taking into account certain expansions - like iterators
183 -- which get expanded into renamings and thus not marked
184 -- as coming from source.
189 then
190 -- Note that in some rare cases the scope depth may not be
191 -- set, for example, when we are in the middle of analyzing
192 -- a type and the enclosing scope is said type. In that case
193 -- simply return zero for the outermost scope.
197 else
202 -- For a return statement within a function, return
203 -- the depth of the function itself. This is not just
204 -- a small optimization, but matters when analyzing
205 -- the expression in an expression function before
206 -- the body is created.
209 | N_Simple_Return_Statement
210 then
213 -- Statements are counted as masters
223 -- Should never reach the following return
230 ------------------------
231 -- Make_Level_Literal --
232 ------------------------
237 begin
242 --------------------------------------
243 -- Function_Call_Or_Allocator_Level --
244 --------------------------------------
249 begin
250 -- Results of functions are objects, so we either get the
251 -- accessibility of the function or, in case of a call which is
252 -- indirect, the level of the access-to-subprogram type.
254 -- This code looks wrong ???
258 then
260 return Make_Level_Literal
262 else
263 return Make_Level_Literal
267 -- We ignore coextensions as they cannot be implemented under the
268 -- "small-integer" model.
273 then
277 -- Named access types have a designated level
282 -- Otherwise, the level is dictated by RM 3.10.2 (10.7/3)
284 else
285 -- Check No_Dynamic_Accessibility_Checks restriction override for
286 -- alternative accessibility model.
288 if Allow_Alt_Model
291 then
292 -- In the alternative model the level is that of the
293 -- designated type.
298 -- For function calls the level is that of the innermost
299 -- master, otherwise (for allocators etc.) we get the level
300 -- of the corresponding anonymous access type, which is
301 -- calculated through the normal path of execution.
304 return Make_Level_Literal
310 -- Dynamic checks are generated when we are within a return
311 -- value or we are in a function call within an anonymous
312 -- access discriminant constraint of a return object (signified
313 -- by In_Return_Context) on the side of the callee.
315 -- So, in this case, return accessibility level of the
316 -- enclosing subprogram.
319 or else In_Return_Context
320 then
321 return Make_Level_Literal
326 -- When the call is being dereferenced the level is that of the
327 -- enclosing master of the dereferenced call.
330 | N_Indexed_Component
331 | N_Selected_Component
332 then
333 return Make_Level_Literal
337 -- Find any relevant enclosing parent nodes that designate an
338 -- object being initialized.
340 -- Note: The above is only relevant if the result is used "in its
341 -- entirety" as RM 3.10.2 (10.2/3) states. However, this is
342 -- accounted for in the case statement in the main body of
343 -- Accessibility_Level for N_Selected_Component.
348 -- Detect an expanded implicit conversion, typically this
349 -- occurs on implicitly converted actuals in calls.
351 -- Does this catch all implicit conversions ???
355 then
356 return Make_Level_Literal
360 -- Jump out when we hit an object declaration or the right-hand
361 -- side of an assignment, or a construct such as an aggregate
362 -- subtype indication which would be the result is not used
363 -- "in its entirety."
373 -- Assignment statements are handled in a similar way in
374 -- accordance to the left-hand part. However, strictly speaking,
375 -- this is illegal according to the RM, but this change is needed
376 -- to pass an ACATS C-test and is useful in general ???
380 return Make_Level_Literal
381 (Scope_Depth
385 -- Return the accessibility level of the left-hand part
387 return Accessibility_Level
393 return Make_Level_Literal
399 -- Local variables
404 -- Start of processing for Accessibility_Level
406 begin
407 -- We could be looking at a reference to a formal due to the expansion
408 -- of entries and other cases, so obtain the renaming if necessary.
413 -- Use the original node unless it is an unanalyzed identifier, as we
414 -- don't want to reason on unanalyzed expressions from predicates.
418 then
421 else
425 -- Extract the entity
430 -- Deal with a possible renaming of a private protected component
437 -- Perform the processing on the expression
440 -- The level of an aggregate is that of the innermost master that
441 -- evaluates it as defined in RM 3.10.2 (10/4).
446 -- The accessibility level is that of the access type, except for
447 -- anonymous allocators which have special rules defined in RM 3.10.2
448 -- (14/3).
453 -- We could reach this point for two reasons. Either the expression
454 -- applies to a special attribute ('Loop_Entry, 'Result, or 'Old), or
455 -- we are looking at the access attributes directly ('Access,
456 -- 'Address, or 'Unchecked_Access).
461 -- Regular 'Access attribute presence means we have to look at the
462 -- prefix.
467 -- Unchecked or unrestricted attributes have unlimited depth
470 | Name_Unchecked_Access
471 | Name_Unrestricted_Access
472 then
475 -- 'Access can be taken further against other special attributes,
476 -- so handle these cases explicitly.
479 in Name_Old |
480 Name_Loop_Entry |
481 Name_Result |
482 Name_Super |
483 Name_Tag |
484 Name_Safe_First |
485 Name_Safe_Last |
486 Name_First |
487 Name_Last
488 then
489 -- Named access types
492 return Make_Level_Literal
495 -- Anonymous access types
501 then
503 return New_Occurrence_Of
506 -- Otherwise the level is treated in a similar way as
507 -- aggregates according to RM 6.1.1 (35.1/4) which concerns
508 -- an implicit constant declaration - in turn defining the
509 -- accessibility level to be that of the implicit constant
510 -- declaration.
512 else
513 return Make_Level_Literal
517 else
521 -- This is the "base case" for accessibility level calculations which
522 -- means we are near the end of our recursive traversal.
525 -- A dynamic check is performed on the side of the callee when we
526 -- are within a return statement, so return a library-level
527 -- accessibility level to null out checks on the side of the
528 -- caller.
534 then
537 -- Something went wrong and an extra accessibility formal has not
538 -- been generated when one should have ???
543 then
546 -- Stand-alone object of an anonymous access type "SAOAAT"
550 | E_Constant)
554 then
556 return Make_Level_Literal
560 -- No_Dynamic_Accessibility_Checks restriction override for
561 -- alternative accessibility model.
563 if Allow_Alt_Model
565 then
566 -- In the alternative model the level is that of the
567 -- designated type entity's context.
572 -- Otherwise the level depends on the entity's context
575 return Make_Level_Literal
576 (Subprogram_Access_Level
578 else
579 return Make_Level_Literal
584 -- Return the dynamic level in the normal case
586 return New_Occurrence_Of
589 -- Initialization procedures have a special extra accessibility
590 -- parameter associated with the level at which the object
591 -- being initialized exists
597 then
598 return New_Occurrence_Of
601 -- Current instance of the type is deeper than that of the type
602 -- according to RM 3.10.2 (21).
605 -- When restriction No_Dynamic_Accessibility_Checks is active
606 -- along with -gnatd_b.
608 if Allow_Alt_Model
610 and then Debug_Flag_Underscore_B
611 then
615 -- Normal path
619 -- Move up the renamed entity or object if it came from source
620 -- since expansion may have created a dummy renaming under
621 -- certain circumstances.
623 -- Note: We check if the original node of the renaming comes
624 -- from source because the node may have been rewritten.
627 and then Comes_From_Source
629 then
632 -- Named access types get their level from their associated type
635 return Make_Level_Literal
638 -- Check if E is an expansion-generated renaming of an iterator
639 -- by examining Related_Expression. If so, determine the
640 -- accessibility level based on the original expression.
644 then
650 then
651 return New_Occurrence_Of
654 -- Normal object - get the level of the enclosing scope
656 else
657 return Make_Level_Literal
661 -- Handle indexed and selected components including the special cases
662 -- whereby there is an implicit dereference, a component of a
663 -- composite type, or a function call in prefix notation.
665 -- We don't handle function calls in prefix notation correctly ???
670 -- Fetch the original node when the prefix comes from the result
671 -- of expanding a function call since we want to find the level
672 -- of the original source call.
676 then
680 -- When E is an indexed component or selected component and
681 -- the current Expr is a function call, we know that we are
682 -- looking at an expanded call in prefix notation.
687 -- If the prefix is a named access type, then we are dealing
688 -- with an implicit deferences. In that case the level is that
689 -- of the named access type in the prefix.
692 return Make_Level_Literal
695 -- The current expression is a named access type, so there is no
696 -- reason to look at the prefix. Instead obtain the level of E's
697 -- named access type.
700 return Make_Level_Literal
703 -- A nondiscriminant selected component where the component
704 -- is an anonymous access type means that its associated
705 -- level is that of the containing type - see RM 3.10.2 (16).
707 -- Note that when restriction No_Dynamic_Accessibility_Checks is
708 -- in effect we treat discriminant components as regular
709 -- components.
711 elsif
719 -- The alternative accessibility models both treat
720 -- discriminants as regular components.
725 -- Arrays featuring components of anonymous access components
726 -- get their corresponding level from their containing type's
727 -- declaration.
729 or else
735 then
736 -- When restriction No_Dynamic_Accessibility_Checks is active
737 -- and -gnatd_b set, the level is that of the designated type.
739 if Allow_Alt_Model
741 and then Debug_Flag_Underscore_B
742 then
743 return Make_Level_Literal
747 -- Otherwise proceed normally
749 return Make_Level_Literal
752 -- The accessibility calculation routine that handles function
753 -- calls (Function_Call_Level) assumes, in the case the
754 -- result is of an anonymous access type, that the result will be
755 -- used "in its entirety" when the call is present within an
756 -- assignment or object declaration.
758 -- To properly handle cases where the result is not used in its
759 -- entirety, we test if the prefix of the component in question is
760 -- a function call, which tells us that one of its components has
761 -- been identified and is being accessed. Therefore we can
762 -- conclude that the result is not used "in its entirety"
763 -- according to RM 3.10.2 (10.2/3).
767 then
768 -- Dynamic checks are generated when we are within a return
769 -- value or we are in a function call within an anonymous
770 -- access discriminant constraint of a return object (signified
771 -- by In_Return_Context) on the side of the callee.
773 -- So, in this case, return a library accessibility level to
774 -- null out the check on the side of the caller.
779 then
780 return Make_Level_Literal
784 return Make_Level_Literal
787 -- Otherwise, continue recursing over the expression prefixes
789 else
793 -- Qualified expressions
797 return Make_Level_Literal
799 else
803 -- Handle function calls
808 -- Explicit dereference accessibility level calculation
813 -- The prefix is a named access type so the level is taken from
814 -- its type.
819 -- Otherwise, recurse deeper
821 else
825 -- Type conversions
828 -- View conversions are special in that they require use to
829 -- inspect the expression of the type conversion.
831 -- Allocators of anonymous access types are internally generated,
832 -- so recurse deeper in that case as well.
836 then
839 -- We don't care about the master if we are looking at a named
840 -- access type.
843 return Make_Level_Literal
846 -- In section RM 3.10.2 (10/4) the accessibility rules for
847 -- aggregates and value conversions are outlined. Are these
848 -- followed in the case of initialization of an object ???
850 -- Should use Innermost_Master_Scope_Depth ???
852 else
856 -- Default to the type accessibility level for the type of the
857 -- expression's entity.
864 -------------------------------
865 -- Apply_Accessibility_Check --
866 -------------------------------
868 procedure Apply_Accessibility_Check
872 is
880 begin
881 -- Verify we haven't tried to add a dynamic accessibility check when we
882 -- shouldn't.
891 then
894 -- Renamed_Object must return an Entity_Name here
895 -- because of preceding "Present (E_E_A (...))" test.
904 -- Only apply the run-time check if the access parameter has an
905 -- associated extra access level parameter and when accessibility checks
906 -- are enabled.
912 then
913 -- Obtain the parameter's accessibility level
915 Param_Level :=
918 -- Use the dynamic accessibility parameter for the function's result
919 -- when one has been created instead of statically referring to the
920 -- deepest type level so as to appropriatly handle the rules for
921 -- RM 3.10.2 (10.1/3).
926 then
927 -- Associate the level of the result type to the extra result
928 -- accessibility parameter belonging to the current function.
931 Type_Level :=
932 New_Occurrence_Of
935 -- In Ada 2005 and earlier modes, a result extra accessibility
936 -- parameter is not generated and no dynamic check is performed.
938 else
942 -- Otherwise get the type's accessibility level normally
944 else
945 Type_Level :=
949 -- Raise Program_Error if the accessibility level of the access
950 -- parameter is deeper than the level of the target access type.
952 Check_Cond :=
964 -- If constant folding has happened on the condition for the
965 -- generated error, then warn about it being unconditional.
969 then
977 ---------------------------------------------
978 -- Apply_Accessibility_Check_For_Allocator --
979 ---------------------------------------------
981 procedure Apply_Accessibility_Check_For_Allocator
986 is
997 begin
1000 and then Tagged_Type_Expansion
1003 and then
1005 or else
1008 then
1009 -- If the allocator was built in place, Ref is already a reference
1010 -- to the access object initialized to the result of the allocator
1011 -- (see Exp_Ch6.Make_Build_In_Place_Call_In_Allocator). We call
1012 -- Remove_Side_Effects for cases where the build-in-place call may
1013 -- still be the prefix of the reference (to avoid generating
1014 -- duplicate calls). Otherwise, it is the entity associated with
1015 -- the object containing the address of the allocated object.
1020 else
1024 -- For access to interface types we must generate code to displace
1025 -- the pointer to the base of the object since the subsequent code
1026 -- references components located in the TSD of the object (which
1027 -- is associated with the primary dispatch table --see a-tags.ads)
1028 -- and also generates code invoking Free, which requires also a
1029 -- reference to the base of the unallocated object.
1032 Obj_Ref :=
1035 Name =>
1042 -- Step 1: Create the object clean up code
1046 -- Deallocate the object if the accessibility check fails. This is
1047 -- done only on targets or profiles that support deallocation.
1049 -- Free (Obj_Ref);
1057 -- The target or profile cannot deallocate objects
1059 else
1063 -- Finalize the object if applicable. Generate:
1065 -- [Deep_]Finalize (Obj_Ref.all);
1069 then
1070 Fin_Call :=
1071 Make_Final_Call
1076 -- Guard against a missing [Deep_]Finalize when the designated
1077 -- type was not properly frozen.
1083 -- When the target or profile supports deallocation, wrap the
1084 -- finalization call in a block to ensure proper deallocation even
1085 -- if finalization fails. Generate:
1087 -- begin
1088 -- <Fin_Call>
1089 -- exception
1090 -- when others =>
1091 -- <Free_Stmt>
1092 -- raise;
1093 -- end;
1096 Fin_Call :=
1098 Handled_Statement_Sequence =>
1114 -- Signal the accessibility failure through a Program_Error
1120 -- Step 2: Create the accessibility comparison
1122 -- Generate:
1123 -- Ref'Tag
1125 Obj_Ref :=
1130 -- For tagged types, determine the accessibility level by looking at
1131 -- the type specific data of the dispatch table. Generate:
1133 -- Type_Specific_Data (Address (Ref'Tag)).Access_Level
1138 -- Use a runtime call to determine the accessibility level when
1139 -- compiling on virtual machine targets. Generate:
1141 -- Get_Access_Level (Ref'Tag)
1143 else
1144 Cond :=
1146 Name =>
1151 Cond :=
1156 -- Due to the complexity and side effects of the check, utilize an if
1157 -- statement instead of the regular Program_Error circuitry.
1166 ------------------------------------------
1167 -- Check_Return_Construct_Accessibility --
1168 ------------------------------------------
1170 procedure Check_Return_Construct_Accessibility
1173 is
1178 -- Function result subtype
1181 -- Obtain the first selector or choice from a given association
1183 function Is_Formal_Of_Current_Function
1185 -- Predicate to test if a given expression associated with a
1186 -- discriminant is a formal parameter to the function in which the
1187 -- return construct we checking applies to.
1189 --------------------
1190 -- First_Selector --
1191 --------------------
1194 begin
1201 else
1206 -----------------------------------
1207 -- Is_Formal_Of_Current_Function --
1208 -----------------------------------
1210 function Is_Formal_Of_Current_Function
1212 begin
1214 and then Enclosing_Subprogram
1219 -- Local declarations
1222 -- Assoc should perhaps be renamed and declared as a
1223 -- Node_Or_Entity_Id since it encompasses not only component and
1224 -- discriminant associations, but also discriminant components within
1225 -- a type declaration or subtype indication ???
1240 -- Start of processing for Check_Return_Construct_Accessibility
1242 begin
1243 -- Only perform checks on record types with access discriminants and
1244 -- non-internally generated functions.
1249 then
1253 -- We are only interested in return statements
1256 N_Extended_Return_Statement | N_Simple_Return_Statement
1257 then
1261 -- Fetch the object from the return statement, in the case of a
1262 -- simple return statement the expression is part of the node.
1265 -- Obtain the object definition from the expanded extended return
1269 -- Inspect the original node to avoid object declarations
1270 -- expanded into renamings.
1274 then
1283 -- Could be dealing with a renaming
1286 else
1290 -- Obtain the accessibility levels of the expressions associated
1291 -- with all anonymous access discriminants, then generate a
1292 -- dynamic check or static error when relevant.
1294 -- Note the repeated use of Original_Node to avoid checking
1295 -- expanded code.
1299 -- Get the corresponding declaration based on the return object's
1300 -- identifier.
1304 in N_Object_Declaration
1305 | N_Object_Renaming_Declaration
1306 then
1309 -- We were passed the object declaration directly, so use it
1312 | N_Object_Renaming_Declaration
1313 then
1316 -- Otherwise, we are looking at something else
1318 else
1323 -- Hop up object renamings when present
1327 then
1331 -- We may be looking at the expansion of iterators or
1332 -- some other internally generated construct, so it is safe
1333 -- to ignore checks ???
1339 Obj_Decl := Original_Node
1340 (Declaration_Node
1343 -- Move up to the next declaration based on the object's name
1345 else
1346 Obj_Decl := Original_Node
1352 -- Obtain the discriminant values from the return aggregate
1354 -- Do we cover extension aggregates correctly ???
1359 else
1363 -- There is an object declaration for the return object
1366 -- When a subtype indication is present in an object declaration
1367 -- it must contain the object's discriminants.
1370 Assoc := First
1371 (Constraints
1372 (Constraint
1375 -- The object declaration contains an aggregate
1380 -- Grab the first associated discriminant expresion
1382 if Present
1384 then
1385 Assoc := First
1386 (Expressions
1388 else
1389 Assoc := First
1390 (Component_Associations
1394 -- Otherwise, this is something else
1396 else
1400 -- There are no supplied discriminants in the object declaration,
1401 -- so get them from the type definition since they must be default
1402 -- initialized.
1404 -- Do we handle constrained subtypes correctly ???
1407 Assoc := First_Discriminant
1410 else
1414 -- When we are not looking at an aggregate or an identifier, return
1415 -- since any other construct (like a function call) is not
1416 -- applicable since checks will be performed on the side of the
1417 -- callee.
1419 else
1423 -- Obtain the discriminants so we know the actual type in case the
1424 -- value of their associated expression gets implicitly converted.
1431 else
1432 Disc := First_Discriminant
1436 -- Preserve the first discriminant for checking named associations
1440 -- Count the number of discriminants for processing an aggregate
1441 -- which includes an others.
1452 -- Loop through each of the discriminants and check each expression
1453 -- associated with an anonymous access discriminant.
1455 -- When named associations occur in the return aggregate then
1456 -- discriminants can be in any order, so we need to ensure we do
1457 -- not continue to loop when all discriminants have been seen.
1463 loop
1464 -- Handle named associations by searching through the names of
1465 -- the relevant discriminant components.
1468 in N_Component_Association | N_Discriminant_Association
1469 then
1473 -- We currently don't handle box initialized discriminants,
1474 -- however, since default initialized anonymous access
1475 -- discriminants are a corner case, this is ok for now ???
1479 then
1484 -- When others is present we must identify a discriminant we
1485 -- haven't already seen so as to get the appropriate type for
1486 -- the static accessibility check.
1488 -- This works because all components within an others clause
1489 -- must have the same type.
1495 declare
1497 begin
1498 -- Move through the list of identified discriminants
1502 -- Exit the loop when we found a match
1504 exit when
1510 -- When we have exited the above loop without finding
1511 -- a match then we know that Disc has not been seen.
1519 -- If we got to an others clause with a non-zero
1520 -- discriminant count there must be a discriminant left to
1521 -- check.
1525 -- Set the unseen discriminant count to zero because we know
1526 -- an others clause sets all remaining components of an
1527 -- aggregate.
1531 -- Move through each of the selectors in the named association
1532 -- and obtain a discriminant for accessibility checking if one
1533 -- is referenced in the list. Also track which discriminants
1534 -- are referenced for the purpose of handling an others clause.
1536 else
1537 declare
1540 begin
1545 -- Check each of the choices in the associations for a
1546 -- match to the name of the current discriminant.
1550 -- When the name matches we track that we have seen
1551 -- the discriminant, but instead of exiting the
1552 -- loop we continue iterating to make sure all the
1553 -- discriminants within the named association get
1554 -- tracked.
1571 -- Unwrap the associated expression if we are looking at a default
1572 -- initialized type declaration. In this case Assoc is not really
1573 -- an association, but a component declaration. Should Assoc be
1574 -- renamed in some way to be more clear ???
1576 -- This occurs when the return object does not initialize
1577 -- discriminant and instead relies on the type declaration for
1578 -- their supplied values.
1582 then
1588 -- Otherwise, there is nothing to do because Assoc is an
1589 -- expression within the return aggregate itself.
1591 else
1598 -- Check the accessibility level of the expression when the
1599 -- discriminant is of an anonymous access type.
1605 -- We disable the check when we have a tagged return type and
1606 -- the associated expression for the discriminant is a formal
1607 -- parameter since the check would require us to compare the
1608 -- accessibility level of Assoc_Expr to the level of the
1609 -- Extra_Accessibility_Of_Result of the function - which is
1610 -- currently disabled for functions with tagged return types.
1611 -- This may change in the future ???
1613 -- See Needs_Result_Accessibility_Level for details.
1615 and then not
1619 then
1620 -- Generate a dynamic check based on the extra accessibility of
1621 -- the result or the scope of the current function.
1623 Check_Cond :=
1625 Left_Opnd => Accessibility_Level
1629 Right_Opnd =>
1632 -- When Assoc_Expr is a formal we have to look at the
1633 -- extra accessibility-level formal associated with
1634 -- the result.
1637 then
1638 New_Occurrence_Of
1641 -- Otherwise, we compare the level of Assoc_Expr to the
1642 -- scope of the current function.
1644 else
1645 Make_Integer_Literal
1653 -- If constant folding has happened on the condition for the
1654 -- generated error, then warn about it being unconditional when
1655 -- we know an error will be raised.
1659 then
1660 Error_Msg_N
1666 -- Iterate over the discriminants, except when we have encountered
1667 -- a named association since the discriminant order becomes
1668 -- irrelevant in that case.
1674 -- Iterate over associations
1678 else
1684 -------------------------------
1685 -- Deepest_Type_Access_Level --
1686 -------------------------------
1688 function Deepest_Type_Access_Level
1691 is
1692 begin
1696 then
1697 -- No_Dynamic_Accessibility_Checks override for alternative
1698 -- accessibility model.
1700 if Allow_Alt_Model
1702 then
1706 -- Typ is the type of an Ada 2012 stand-alone object of an anonymous
1707 -- access type.
1709 return
1710 Scope_Depth (Enclosing_Dynamic_Scope
1711 (Defining_Identifier
1714 -- For generic formal type, return Int'Last (infinite).
1715 -- See comment preceding Is_Generic_Type call in Type_Access_Level.
1720 else
1725 -----------------------------------
1726 -- Effective_Extra_Accessibility --
1727 -----------------------------------
1730 begin
1733 then
1735 else
1740 -------------------------------
1741 -- Get_Dynamic_Accessibility --
1742 -------------------------------
1745 begin
1746 -- When minimum accessibility is set for E then we utilize it - except
1747 -- in a few edge cases like the expansion of select statements where
1748 -- generated subprogram may attempt to unnecessarily use a minimum
1749 -- accessibility object declared outside of scope.
1751 -- To avoid these situations where expansion may get complex we verify
1752 -- that the minimum accessibility object is within scope.
1757 then
1764 -----------------------
1765 -- Has_Access_Values --
1766 -----------------------
1769 is
1772 begin
1773 -- Case of a private type which is not completed yet. This can only
1774 -- happen in the case of a generic formal type appearing directly, or
1775 -- as a component of the type to which this function is being applied
1776 -- at the top level. Return False in this case, since we certainly do
1777 -- not know that the type contains access types.
1789 declare
1792 begin
1793 -- Loop to check components
1798 -- Check for access component, tag field does not count, even
1799 -- though it is implemented internally using an access type.
1803 then
1813 else
1818 ---------------------------------------
1819 -- Has_Anonymous_Access_Discriminant --
1820 ---------------------------------------
1823 is
1826 begin
1843 --------------------------------------------
1844 -- Has_Unconstrained_Access_Discriminants --
1845 --------------------------------------------
1847 function Has_Unconstrained_Access_Discriminants
1849 is
1852 begin
1855 then
1869 --------------------------------
1870 -- Is_Anonymous_Access_Actual --
1871 --------------------------------
1875 begin
1883 | N_If_Expression
1884 | N_Parameter_Association
1885 loop
1891 --------------------------------------
1892 -- Is_Special_Aliased_Formal_Access --
1893 --------------------------------------
1895 function Is_Special_Aliased_Formal_Access
1898 is
1900 begin
1901 -- Verify the expression is an access reference to 'Access within a
1902 -- return statement as this is the only time an explicitly aliased
1903 -- formal has different semantics.
1910 then
1914 -- Check if the prefix of the reference is indeed an explicitly aliased
1915 -- formal parameter for the function Scop. Additionally, we must check
1916 -- that Scop returns an anonymous access type, otherwise the special
1917 -- rules dictating a need for a dynamic check are not in effect.
1923 --------------------------------------
1924 -- Needs_Result_Accessibility_Level --
1925 --------------------------------------
1927 function Needs_Result_Accessibility_Level
1929 is
1932 function Has_Unconstrained_Access_Discriminant_Component
1934 -- Returns True if any component of the type has an unconstrained access
1935 -- discriminant.
1937 -----------------------------------------------------
1938 -- Has_Unconstrained_Access_Discriminant_Component --
1939 -----------------------------------------------------
1941 function Has_Unconstrained_Access_Discriminant_Component
1943 is
1944 begin
1948 -- Only limited types can have access discriminants with
1949 -- defaults.
1955 return Has_Unconstrained_Access_Discriminant_Component
1959 declare
1962 begin
1965 if Has_Unconstrained_Access_Discriminant_Component
1967 then
1980 -- Flag used to temporarily disable a "True" result for tagged types.
1981 -- See comments further below for details.
1983 -- Start of processing for Needs_Result_Accessibility_Level
1985 begin
1986 -- False if completion unavailable, which can happen when we are
1987 -- analyzing an abstract subprogram or if the subprogram has
1988 -- delayed freezing.
1993 -- False if not a function, also handle enum-lit renames case
1997 then
2000 -- Handle a corner case, a cross-dialect subp renaming. For example,
2001 -- an Ada 2012 renaming of an Ada 2005 subprogram. This can occur when
2002 -- an Ada 2005 (or earlier) unit references predefined run-time units.
2006 -- Unimplemented: a cross-dialect subp renaming which does not set
2007 -- the Alias attribute (e.g., a rename of a dereference of an access
2008 -- to subprogram value). ???
2012 -- Remaining cases require Ada 2012 mode, unless they are dispatching
2013 -- operations, since they may be overridden by Ada_2012 primitives.
2017 then
2020 -- Handle the situation where a result is an anonymous access type
2021 -- RM 3.10.2 (10.3/3).
2026 -- In the case of, say, a null tagged record result type, the need for
2027 -- this extra parameter might not be obvious so this function returns
2028 -- True for all tagged types for compatibility reasons.
2030 -- A function with, say, a tagged null controlling result type might
2031 -- be overridden by a primitive of an extension having an access
2032 -- discriminant and the overrider and overridden must have compatible
2033 -- calling conventions (including implicitly declared parameters).
2035 -- Similarly, values of one access-to-subprogram type might designate
2036 -- both a primitive subprogram of a given type and a function which is,
2037 -- for example, not a primitive subprogram of any type. Again, this
2038 -- requires calling convention compatibility. It might be possible to
2039 -- solve these issues by introducing wrappers, but that is not the
2040 -- approach that was chosen.
2042 -- Note: Despite the reasoning noted above, the extra accessibility
2043 -- parameter for tagged types is disabled for performance reasons.
2054 -- False for all other cases
2056 else
2061 ------------------------------------------
2062 -- Prefix_With_Safe_Accessibility_Level --
2063 ------------------------------------------
2065 function Prefix_With_Safe_Accessibility_Level
2068 is
2075 -- Return False if the prefix has a value conversion of an array type
2077 ----------------------------
2078 -- Safe_Value_Conversions --
2079 ----------------------------
2084 begin
2085 loop
2091 | N_Unchecked_Type_Conversion
2093 then
2100 N_Aggregate | N_Extension_Aggregate
2101 then
2104 else
2112 -- Start of processing for Prefix_With_Safe_Accessibility_Level
2114 begin
2115 -- No check required for unchecked and unrestricted access
2119 then
2122 -- Check value conversions
2125 and then not Safe_Value_Conversions
2126 then
2133 -----------------------------
2134 -- Subprogram_Access_Level --
2135 -----------------------------
2138 begin
2141 else
2146 --------------------------------
2147 -- Static_Accessibility_Level --
2148 --------------------------------
2150 function Static_Accessibility_Level
2154 is
2155 begin
2156 return Intval
2160 -----------------------
2161 -- Type_Access_Level --
2162 -----------------------
2164 function Type_Access_Level
2168 is
2172 begin
2173 -- Ada 2005 (AI-230): For most cases of anonymous access types, we
2174 -- simply use the level where the type is declared. This is true for
2175 -- stand-alone object declarations, and for anonymous access types
2176 -- associated with components the level is the same as that of the
2177 -- enclosing composite type. However, special treatment is needed for
2178 -- the cases of access parameters, return objects of an anonymous access
2179 -- type, and, in Ada 95, access discriminants of limited types.
2183 -- No_Dynamic_Accessibility_Checks restriction override for
2184 -- alternative accessibility model.
2186 if Allow_Alt_Model
2188 then
2189 -- In the -gnatd_b model, the level of an anonymous access
2190 -- type is always that of the designated type.
2193 return Type_Access_Level
2197 -- When an anonymous access type's Assoc_Ent is specified,
2198 -- calculate the result based on the general accessibility
2199 -- level routine.
2201 -- We would like to use Associated_Node_For_Itype here instead,
2202 -- but in some cases it is not fine grained enough ???
2205 return Static_Accessibility_Level
2209 -- Otherwise take the context of the anonymous access type into
2210 -- account.
2212 -- Obtain the defining entity for the internally generated
2213 -- anonymous access type.
2215 Def_Ent := Defining_Entity_Or_Empty
2219 -- When the defining entity is a subprogram then we know the
2220 -- anonymous access type Typ has been generated to either
2221 -- describe an anonymous access type formal or an anonymous
2222 -- access result type.
2224 -- Since we are only interested in the formal case, avoid
2225 -- the anonymous access result type.
2230 then
2231 -- When the type comes from an anonymous access
2232 -- parameter, the level is that of the subprogram
2233 -- declaration.
2237 -- When the type is an access discriminant, the level is
2238 -- that of the type.
2241 return Scope_Depth
2244 else
2249 -- If the type is a nonlocal anonymous access type (such as for
2250 -- an access parameter) we treat it as being declared at the
2251 -- library level to ensure that names such as X.all'access don't
2252 -- fail static accessibility checks.
2257 -- If this is a return object, the accessibility level is that of
2258 -- the result subtype of the enclosing function. The test here is
2259 -- little complicated, because we have to account for extended
2260 -- return statements that have been rewritten as blocks, in which
2261 -- case we have to find and the Is_Return_Object attribute of the
2262 -- itype's associated object. It would be nice to find a way to
2263 -- simplify this test, but it doesn't seem worthwhile to add a new
2264 -- flag just for purposes of this test. ???
2267 or else
2270 N_Object_Declaration
2271 and then Is_Return_Object
2272 (Defining_Identifier
2274 then
2275 declare
2278 begin
2285 -- Treat the return object's type as having the level of the
2286 -- function's result subtype (as per RM05-6.5(5.3/2)).
2295 -- The accessibility level of anonymous access types associated with
2296 -- discriminants is that of the current instance of the type, and
2297 -- that's deeper than the type itself (AARM 3.10.2 (12.3.21)).
2299 -- AI-402: access discriminants have accessibility based on the
2300 -- object rather than the type in Ada 2005, so the above paragraph
2301 -- doesn't apply.
2303 -- ??? Needs completion with rules from AI-416
2309 N_Discriminant_Specification
2310 then
2315 -- Return library level for a generic formal type. This is done because
2316 -- RM(10.3.2) says that "The statically deeper relationship does not
2317 -- apply to ... a descendant of a generic formal type". Rather than
2318 -- checking at each point where a static accessibility check is
2319 -- performed to see if we are dealing with a formal type, this rule is
2320 -- implemented by having Type_Access_Level and Deepest_Type_Access_Level
2321 -- return extreme values for a formal type; Deepest_Type_Access_Level
2322 -- returns Int'Last. By calling the appropriate function from among the
2323 -- two, we ensure that the static accessibility check will pass if we
2324 -- happen to run into a formal type. More specifically, we should call
2325 -- Deepest_Type_Access_Level instead of Type_Access_Level whenever the
2326 -- call occurs as part of a static accessibility check and the error
2327 -- case is the case where the type's level is too shallow (as opposed
2328 -- to too deep).